3 Answers
3

Sites collections contain the people (users, AD groups) and groups (SharePoint groups) that are available for all sites within the site collection. The idea is a site collection contains sites that have some overlap in user membership or business function. They are a collection of like-minded sites (in some aspect).

This is confusing to many users as we like to think of sites as being self-contained when in reality they are not. It works very much like the Windows security model. Your computer has users and groups (for this example imagine a standalone workstation and not a computer attached to a domain). These users and groups are available to all drives, folders, and files on the computer. Say you have two disk drives: C: and D:. If you check the security tab for both you can look up and use the same set of users and groups for both. Same thing if you go deeper into folders and files. In SharePoint imagine your computer is a site collection and your sites are the drives (libraries = folders, list items = files). The behavior is consistent.

The security boundary for your computer is your computer. Because you have a user account on your computer does not mean you automatically have a user account in your friend's computer. In SharePoint, the security boundary is the site collection. If you add users to Site Collection ABC they are not automatically members of Site Collection XYZ.

You can break inheritance to Site A and Site B but if you look at People and Groups you will still see any groups and users you have added to either site in the other site. It doesn't mean they have permissions to each other's sites (just like breaking NTFS inheritance and setting different permissions to folders or files means different users have different access) but you can still see the users and groups.

This is by design. If you don't want either group to see each other then you need to create separate Site Collections instead of Sites.

As @AmitKumawat said, you can break inheritance, but understand you are masking the groups here not seperating them (i.e. inheritance and security trimming). Users that are members of both groups will see both groups regardless of the site they are in.

Groups are created at the site collection level so if you need to have these security groups isolated you neet two site collections.